diff options
Diffstat (limited to 'debug_toolbar')
| -rw-r--r-- | debug_toolbar/templates/debug_toolbar/panels/sql.html | 1 | ||||
| -rw-r--r-- | debug_toolbar/templates/debug_toolbar/panels/sql_select.html | 30 | ||||
| -rw-r--r-- | debug_toolbar/urls.py | 1 | ||||
| -rw-r--r-- | debug_toolbar/views.py | 31 |
4 files changed, 63 insertions, 0 deletions
diff --git a/debug_toolbar/templates/debug_toolbar/panels/sql.html b/debug_toolbar/templates/debug_toolbar/panels/sql.html index 6a2d077..2abb68f 100644 --- a/debug_toolbar/templates/debug_toolbar/panels/sql.html +++ b/debug_toolbar/templates/debug_toolbar/panels/sql.html @@ -13,6 +13,7 @@ <td>{{ query.time|floatformat:"4" }}</td> <td> {% if query.params %} + <a class="remoteCall" href="/__debug__/sql_select/?sql={{ query.raw_sql|urlencode }}¶ms={{ query.params|urlencode }}&time={{ query.time|floatformat:"4"|urlencode }}&hash={{ query.hash }}">SELECT</a> <a class="remoteCall" href="/__debug__/sql_explain/?sql={{ query.raw_sql|urlencode }}¶ms={{ query.params|urlencode }}&time={{ query.time|floatformat:"4"|urlencode }}&hash={{ query.hash }}">EXPLAIN</a> {% endif %} </td> diff --git a/debug_toolbar/templates/debug_toolbar/panels/sql_select.html b/debug_toolbar/templates/debug_toolbar/panels/sql_select.html new file mode 100644 index 0000000..73109ef --- /dev/null +++ b/debug_toolbar/templates/debug_toolbar/panels/sql_select.html @@ -0,0 +1,30 @@ +<a class="back" href="">« Back</a> +<h3>SQL Selected</h3> +<dl> + <dt>Executed SQL</dt> + <dd><pre>{{ sql|safe }}</pre></dd> + <dt>Time</dt> + <dd>{{ time }} ms</dd> +</dl> +{% if result %} +<table> + <thead> + <tr> + {% for h in headers %} + <th>{{ h|upper }}</th> + {% endfor %} + </tr> + </thead> + <tbody> + {% for row in result %} + <tr class="{% cycle 'odd' 'even' %}"> + {% for column in row %} + <td>{{ column|escape }}</td> + {% endfor %} + </tr> + {% endfor %} + </tbody> +</table> +{% else %} + <p>Empty set</p> +{% endif %} diff --git a/debug_toolbar/urls.py b/debug_toolbar/urls.py index e0e4b7a..437d36b 100644 --- a/debug_toolbar/urls.py +++ b/debug_toolbar/urls.py @@ -9,5 +9,6 @@ from django.conf import settings urlpatterns = patterns('', url(r'^__debug__/m/(.*)$', 'debug_toolbar.views.debug_media'), + url(r'^__debug__/sql_select/$', 'debug_toolbar.views.sql_select', name='sql_select'), url(r'^__debug__/sql_explain/$', 'debug_toolbar.views.sql_explain', name='sql_explain'), ) diff --git a/debug_toolbar/views.py b/debug_toolbar/views.py index b67a70b..4b666e1 100644 --- a/debug_toolbar/views.py +++ b/debug_toolbar/views.py @@ -20,6 +20,37 @@ def debug_media(request, path): root = os.path.join(parent, 'media') return django.views.static.serve(request, path, root) +def sql_select(request): + """ + Returns the output of the SQL SELECT statement. + + Expected GET variables: + sql: urlencoded sql with positional arguments + params: JSON encoded parameter values + time: time for SQL to execute passed in from toolbar just for redisplay + hash: the hash of (secret + sql + params) for tamper checking + """ + from debug_toolbar.panels.sql import reformat_sql + sql = request.GET.get('sql', '') + params = request.GET.get('params', '') + hash = sha_constructor(settings.SECRET_KEY + sql + params).hexdigest() + if hash != request.GET.get('hash', ''): + return HttpResponse('<h3>Tamper alert</h3>') # SQL Tampering alert + if sql.lower().startswith('select'): + params = simplejson.loads(params) + cursor = connection.cursor() + cursor.execute(sql, params) + headers = [d[0] for d in cursor.description] + result = cursor.fetchall() + cursor.close() + context = { + 'result': result, + 'sql': reformat_sql(cursor.db.ops.last_executed_query(cursor, sql, params)), + 'time': request.GET.get('time', 0.0), + 'headers': headers, + } + return render_to_response('debug_toolbar/panels/sql_select.html', context) + def sql_explain(request): """ Returns the output of the SQL EXPLAIN on the given query. |